Bogus hacking Android apps offered on Google Play

Getting your Android apps from Google Play is always a better bet than picking them up from third-party online marketplaces, but even there you can’t be completely sure you won’t stumble upon malicious or at least extremely annoying apps.

While doing a routine “patrol” of popular Android app markets, McAfee researchers have discovered a whole host of bogus apps – hacking tools, utility tools, pornographic apps – that only pretend to do what they say they do, and in the meantime push unwanted ads and apps onto users:

“Once installed by the victim, the apps appear to work at first but in fact they simply display screens with interactions that are all fake, using hard-coded or random values generated by the code to seem legitimate. In short, these apps are fake or joke applications,” explains Yukihiro Okutomi.

The ad modules bundled up with them keep bombarding the user with ads even when the app is not in use. Some of them can scan the device and see what apps are already installed (so they can offer others), and one even tries to download a bogus AV app called Armor for Android.

These apps are offered by various registered developers that every now and then get the boot from Google Play, but immediately open new accounts with a different name and continue to peddle the apps under changed names but often similar claims about their capabilities (usually those that legitimate apps are unable to offer – Facebook hacking, WiFi hacking, etc.).